Crypto Flexs
  • DIRECTORY
  • CRYPTO
    • ETHEREUM
    • BITCOIN
    • ALTCOIN
  • BLOCKCHAIN
  • EXCHANGE
  • ADOPTION
  • TRADING
  • HACKING
  • SLOT
  • CASINO
Crypto Flexs
  • DIRECTORY
  • CRYPTO
    • ETHEREUM
    • BITCOIN
    • ALTCOIN
  • BLOCKCHAIN
  • EXCHANGE
  • ADOPTION
  • TRADING
  • HACKING
  • SLOT
  • CASINO
Crypto Flexs
Home»HACKING NEWS»VFAT SICKLE Audit Summary -Ackee Blockchain
HACKING NEWS

VFAT SICKLE Audit Summary -Ackee Blockchain

By Crypto FlexsMay 16, 20254 Mins Read
Facebook Twitter Pinterest LinkedIn Tumblr Email
VFAT SICKLE Audit Summary -Ackee Blockchain
Share
Facebook Twitter LinkedIn Pinterest Email

VFAT is a yield Agrigator that uses the Natt Smart Contract Wallet for yield agriculture. Reduce complex tasks such as input and termination, complex or re -adjustment in the position.

VFAT conducted a security review of the VFAT protocol as a total time donation of 18 engineering days in the period between March 4 and March 28, 2025 to participate in Ackee Blockchain Security. Then the second security review focused on modifications of the problem found in the first security review. Other code changes were not thankful.

We are grateful for the optimism that approves subsidies that are partially funded for this and the second audit of VFAT.

methodology

We started reviewing using static analysis tools, including Wake. Then I dive about the logic of the contract.

During the review, we paid special attention later.

  • The arithmetic guarantee of the system is correct.
  • Reinvision detection possible in the code;
  • Safety confirmation of using delegateCall;
  • Access control is not too comfortable or strict.
  • Accuracy confirmation of implementation of the possibility of upgrade; and
  • We are looking for common problems such as data verification.

range

The first audit was performed for the commit. 357593f And the range is as follows:

  • contracts/Automation.sol
  • contracts/ConnectorRegistry.sol
  • contracts/NftSettingsRegistry.sol
  • contracts/PositionSettingsRegistry.sol
  • contracts/Sickle.sol
  • contracts/SickleFactory.sol
  • contracts/SickleRegistry.sol
  • contracts/governance/SickleMultisig.sol
  • contracts/libraries/FeesLib.sol
  • contracts/libraries/NftSettingsLib.sol
  • contracts/libraries/NftTransferLib.sol
  • contracts/libraries/PositionSettingsLib.sol
  • contracts/libraries/SwapLib.sol
  • contracts/libraries/TransferLib.sol

For completeness, we had to review the following parent contracts.

  • base/Admin.sol
  • base/Multicall.sol
  • base/NonDelegateMulticall.sol
  • base/SickleStorage.sol
  • base/TimelockAdmin.sol

The revision review was performed in a given commit. 1c20e7e.

Security discovery classification is determined by two grades. influence and What can be. This two -dimensional classification helps to clarify the seriousness of individual problems. The problem to be evaluated middle It is severe, but the possibility of being found only by the team is generally reduced according to the possibility. wAnnings or menFormational Severe rating.

Our review results have emerged 31 resultsIt ranges from information to seriousness. The most serious discovery H1 allows administrators (malignant or damage) to drain all user wallets. Intermediate severity problem M1 can be executed in full execution. setReferralCode function. Most of the results are warnings that refer to a variety of omissions, code quality issues and exemplary cases.

The second security review was limited to the problems found in the first security review, and no other code change was not appreciated. Twenty problems were solved, three problems were partially fixed, seven problems were recognized, and H1 was invalidated by VFAT. Read more information in the entire audit report linked to the end of the article.

Threshold

There was no important serious problem.

The severity is high

H1: White list callers can perform delegateCall in all humility.

Intermediate

M1: Recommended code setter can be a front run run

Low severity

L1: Non -contract registration agencies can go back

Significance of warning

W1: Incomplete data verification for NFT location

W2: Duplicate bottle search

W3: Potential underflow or overflow of tic range calculation

W4: Variable Shadow

W5: Insufficient data verification PositionSettingsRegistry contract

W6: Incorrect price calculations in POSITSETTINGSREGISTRY

W7: Incorrect use of initialization

W8: Variable name rules

W9: Step 1 ownership transfer

W10: Featokens’ duplicate tokens can lead to inconsistent fee calculations.

W11: ETH and WETH’s inconsistent handling over the Feeslib contract

W12: ambiguous handling of basic value in Swaplib contract

W13: Inheritance with misunderstanding

W14: Input array length validation verification

W15: There is no data verification in the addition and update of the registry

W16: The zero address verification has been missing

Information seriousness

I1: Duplicate Code

I2: Use of magic constant

i3: Definition of unified storage variables

I4: duplicate storage variable

i5: mapping isCustomRegistry Duplicate

I6: Unconsistent functional name rules

i7: Error in the printing of the functional commentary

i8: Odo error name

I9: Unused errors

I10: Duplicate function

I11: Duplicate registry validation has been missing

i12: Error of Document

Trust model

This protocol must trust the manager who controls important parameters (fare, white list, connector update) and automatically running the task on behalf of himself. The user maintains the centralized control point while the user controls the Nat instance and the location settings. Trust risks are partially relaxed through hard -coded limits and multi -IG requirements. However, users must accept the risk of centralized control and potential trading manipulation of automatic devices that can control transaction timing.

conclusion

AcKee Blockchain Security recommends VFAT.

    • Set off chain monitoring for the following purposes M1 find; and
    • Solve all other reports.

You can find the entire VFAT SICKLE audit report of AcKee Blockchain Security. here.

We are pleased to thank VFAT and expect to work again.

Share. Facebook Twitter Pinterest LinkedIn Tumblr Email

Related Posts

Wake’s GMX Hacking Analysis and Attack Scenario

July 25, 2025

How to Start with Web3 and Crypto -Dew Prehtation

July 23, 2025

FTT increases by 7% as the backpack starts the platform to help victims clear liquidation.

July 21, 2025
Add A Comment

Comments are closed.

Recent Posts

Ripple CTO’s amazing regret for censorship

July 26, 2025

Ether Leeum validation exit exit queue will explode with 521,000 ETH ATH.

July 26, 2025

Wake’s GMX Hacking Analysis and Attack Scenario

July 25, 2025

Pepeto Announces $5.5M Presale And Demo Trading Platform

July 25, 2025

$75K In Rewards Announced For Valhalla’s First-Ever Tournament

July 25, 2025

Bitcoin Market Bullish? DL Mining Launches $100 Bonus + Sustainable Cloud Mining

July 25, 2025

Bybit And Tether Launch Strategic Partnership To Accelerate Crypto Adoption In Brazil

July 25, 2025

Remittix Presale Raises $17M After Revealing Next-Gen Web3 Wallet Beta Launch Date

July 25, 2025

Pioneering Real-World Asset Tokenization In The U.S. Market

July 25, 2025

How to travel to the world with encryption wallet?

July 25, 2025

LFG… Launches AI Alpha Pilot For Meme-Coin Hunters

July 24, 2025

Crypto Flexs is a Professional Cryptocurrency News Platform. Here we will provide you only interesting content, which you will like very much. We’re dedicated to providing you the best of Cryptocurrency. We hope you enjoy our Cryptocurrency News as much as we enjoy offering them to you.

Contact Us : Partner(@)Cryptoflexs.com

Top Insights

Ripple CTO’s amazing regret for censorship

July 26, 2025

Ether Leeum validation exit exit queue will explode with 521,000 ETH ATH.

July 26, 2025

Wake’s GMX Hacking Analysis and Attack Scenario

July 25, 2025
Most Popular

Digital artists from Solana (SOL) transform Art Basel Miami Beach

November 17, 2024

KZG Awards Special Donation | Ethereum Foundation Blog

December 1, 2023

Byreal Launches With Strategic Support From Bybit On Solana

June 21, 2025
  • Home
  • About Us
  • Contact Us
  • Disclaimer
  • Privacy Policy
  • Terms and Conditions
© 2025 Crypto Flexs

Type above and press Enter to search. Press Esc to cancel.